Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Group Policy Management #154

Closed
denelon opened this issue May 15, 2020 · 8 comments
Closed

Support for Group Policy Management #154

denelon opened this issue May 15, 2020 · 8 comments
Assignees
Labels
Issue-Feature This is a feature request for the Windows Package Manager client.

Comments

@denelon
Copy link
Contributor

denelon commented May 15, 2020

As an IT professionalI want to be able to control the winget configuration for machines I manage policies for.

@denelon denelon added the Issue-Feature This is a feature request for the Windows Package Manager client. label May 15, 2020
@denelon denelon added this to the Package Manager Backlog milestone May 23, 2020
@denelon denelon modified the milestones: Package Manager Backlog, Package Manager v0.12.x Aug 19, 2020
@denelon denelon added the Size-L label Sep 24, 2020
@denelon
Copy link
Contributor Author

denelon commented Feb 4, 2021

Here is a list of policies we're considering:

Enable Windows Package Manager
This policy controls whether the Windows Package Manager can be used by users.
If you enable or do not configure this setting, users will be able to use the Windows Package Manager.
If you disable this setting, users will not be able to use the Windows Package Manager.

Enable Windows Package Manager Settings Command
This policy controls whether users can change their settings.
If you enable or do not configure this setting, users will be able to change settings for the Windows Package Manager.
If you disable this setting, users will not be able to change settings for the Windows Package Manager.

Enable Windows Package Manager Hash Override Argument
This policy controls whether or not the Windows Package Manager can be configured to enable the ability override the SHA256 security validation via Windows Package Manager settings.
If you enable or do not configure this policy, users will be able to enable the ability override the SHA256 security validation via Windows Package Manager settings.
If you disable this policy, users will not be able to enable the ability override the SHA256 security validation via Windows Package Manager settings.

Enable Windows Package Manager Experimental Features
This policy controls whether users can enable experimental features in the Windows Package Manager.
If you enable or do not configure this setting, users will be able to enable experimental features for the Windows Package Manager.
If you disable this setting, users will not be able to enable experimental features for the Windows Package Manager.

Enable Windows Package Manager Local Manifest Files
This policy controls whether users can install packages with local manifest files.
If you enable or do not configure this setting, users will be able to install packages with local manifests using the Windows Package Manager.
If you disable this setting, users will not be able to install packages with local manifests using the Windows Package Manager.

Set Windows Package Manager Source Auto Update Interval In Minutes
This policy controls the auto update interval for package-based sources.
If you disable or do not configure this setting, the default interval or the value specified in settings will be used by the Windows Package Manager.
If you enable this setting, the number of minutes specified will be used by the Windows Package Manager.

Enable Windows Package Manager Default Source
This policy controls the default source included with the Windows Package Manager.
If you do not configure this setting, the default source for the Windows Package Manager will be available and can be removed.
If you enable this setting, the default source for the Windows Package Manager will be available and cannot be removed.
If you disable this setting the default source for the Windows Package Manager will not be available.

Enable Windows Package Manager Microsoft Store Source
This policy controls the Microsoft Store source included with the Windows Package Manager.
If you do not configure this setting, the Microsoft Store source for the Windows Package manager will be available and can be removed.
If you enable this setting, the Microsoft Store source for the Windows Package Manager will be available and cannot be removed.
If you disable this setting the Microsoft Store source for the Windows Package Manager will not be available.

Enable Additional Windows Package Manager Sources
This policy controls additional sources provided by the enterprise IT administrator.
If you do not configure this policy, no additional sources will be configured for the Windows Package Manager.
If you enable this policy, the additional sources will be added to the Windows Package Manager and cannot be removed. Each additional source requires a name, argument (URL), and type (Microsoft.Rest or Microsoft.PreIndexed.Package).
If you disable this policy, no additional sources can be configured for the Windows Package Manager.

Enable Windows Package Manager Allowed Sources
This policy controls additional sources allowed by the enterprise IT administrator.
If you do not configure this policy, users will be able to add or remove additional sources other than those configured by policy.
If you enable this policy, only the sources specified can be added or removed from the Windows Package Manager. Each allowed source requires a name, argument (URL), and type (Microsoft.Rest or Microsoft.PreIndexed.Package).
If you disable this policy, no additional sources can be configured for the Windows Package Manager.

@sebawern
Copy link

sebawern commented Feb 4, 2021

I‘d rather (or also?) like to be able to configure this using Intune (even if that means using CSPs).

@denelon
Copy link
Contributor Author

denelon commented Mar 4, 2021

We will have CSP as well.

@denelon
Copy link
Contributor Author

denelon commented Mar 10, 2021

#789

@jedieaston
Copy link
Contributor

These look great!

Two questions:

  1. For "Enable Windows Package Manager Settings Command", does this block the user from editing the file in %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\settings.json by changing file system permissions, or does it just block the winget settings command?

  2. For "Enable Windows Package Manager Allowed Sources", is there a way (currently or planned) for a user to get a list of the allowed sources?

@denelon
Copy link
Contributor Author

denelon commented Apr 4, 2021

@jedieaston, thanks for taking a look. We're planning on "retaining" the settings such that if the policies are "removed", the user will default back to their settings file. It's just going to block the "winget -settings" command. The intent is just to reduce the confusion when there are settings conflicting with policies.

The policies will be available via winget --info. We use that for troubleshooting, and figure that's the best place. Since we ask for that output with bugs, it's hopefully an obvious place to see what is affecting users.

@jedieaston
Copy link
Contributor

I just thought of another one that would be nice to see: limit users to installing only "User-scoped" manifests that can be installed without admin rights. Preferably, this would also hide manifests that are scoped for the entire system from showing up in winget search.

This would help a ton with preventing user confusion when they get winget and half the things they try to install don't work, since this way winget can hopefully explain what's going on or not show them packages they won't be able to install anyway.

@denelon
Copy link
Contributor Author

denelon commented May 3, 2021

The initial work for group policy has been released.

https://aka.ms/winget-policy also hosts the files for ADMX Ingestion.

@denelon denelon closed this as completed May 3, 2021
@denelon denelon modified the milestones: Package Manager v0.12.x, v1.0 - Windows Package Manager May 4, 2021
jedieaston added a commit to jedieaston/winget-cli that referenced this issue Jul 22, 2022
94d3bfd3 Fix format regex escape sequences
25dcdb1c Merge pull request microsoft#160 from jrave/time-format-fields
dee2fa64 Support for time related format fields
5f49d77b Basic structure for format constraint
a6a4fbb5 Remove redundant call to baseline
0de61e0c Tidy up readme
1ff36254 Add script to bundle library into a single header
21322b2d Move Adapter and BasicAdapter classes to internal
23724b97 Merge pull request microsoft#159 from jackorobot/fix_poco_get_integer
72afeb1f Fixed PocoJsonValue::getInteger being limited to 32-bit integers
4d603df4 Update Authors file
0e3f48c8 Remove vendored copy of urdl
9e7dbd84 Remove outdated Xcode project files
2f6760f6 Merge pull request microsoft#154 from psigen/yaml-cpp-support
f4bbf4e0 Remove non-critical yaml-cpp files from PR.
b685584e Add optimization for find implementation.
c688aa3b Add a unit test for object member access.
76c9f40c Added simple loading utility.
66424a11 Added a column limit to the file.
f03461bb Fixed issue with YAML::Node reference usage.
7f23f369 Fix unit tests to match property tree.
698936ae Added missing dep for YAML-cpp.
328db2f6 Initial pass at yaml-cpp support.
34f75118 Add note about GCC versions to readme
5ca87a61 Remove very obsolete valgrind suppressions file
27d30658 Update vendored jsoncpp to version 1.9.5
c2822576 Update CMakeLists to use add_compile_definitions
f9701392 Remove unnecessary indentation from code snippets in readme
7d4ea908 Add boost::json example and delete problematic constructors
d34f78b4 Improve error messaging when parsing schemas and documents
dd32f66d Build tests for fuzzing
8b5f253c Tweak readme formatting
a2e39586 Remove Travis CI config
3940b361 Mention web-based demo in readme
f5f979b0 Mention boost compiler warnings in README
80afdef5 Merge pull request microsoft#150 from jonpetri/jonpetri/cmake-improvements
4622b958 Set valijson_BUILD_TESTS  OFF by default in cmake
50010fd9 Make VALIJSON_USE_EXCEPTIONS interface definition
c5dac2bc Install cmake export file
c7d5f2cb Remove valijson_INSTALL_HEADERS from cmake build
bfb5860c Fix fuzzer build
7b865438 Merge pull request microsoft#147 from keith-bennett-airmap/keith/shellcheck
1f25558c make shellcheck clean
3c185cb8 Merge pull request microsoft#145 from mporsch/smart-pointer-memory-management
828fc876 use implicit conversion of unique_ptr<T, DeleterA> to unique_ptr<const T, DeleterB>
cf841e10 use unique_ptr for memory management in constraints and subschema
4a99dd79 Add missing include
75ada05c Use strong types in external_schema example, and update README
26f3a847 Less const-ness
3eaf1bb9 Add note about VALIJSON_USE_EXCEPTIONS to the README
4990e352 Update inspector to enable and handle exceptions
af071f01 Update inspector build to work with Qt6
7b6d22f1 Update CMakeLists.txt to check for boost/json.hpp before building tests
5da89730 Merge pull request microsoft#139 from YangJiao1996/master
0f0cc2bc Always apply callback function when validating schema
9a2ebbde Merge pull request microsoft#137 from veselypeta/readme-cmake
e5530feb update README add with cmake

git-subtree-dir: src/Valijson/valijson
git-subtree-split: 94d3bfd39ad4dca1be0f700b5eea8e4234d0e7e8
jedieaston added a commit to jedieaston/winget-cli that referenced this issue Jul 22, 2022
94d3bfd3 Fix format regex escape sequences
25dcdb1c Merge pull request microsoft#160 from jrave/time-format-fields
dee2fa64 Support for time related format fields
5f49d77b Basic structure for format constraint
a6a4fbb5 Remove redundant call to baseline
0de61e0c Tidy up readme
1ff36254 Add script to bundle library into a single header
21322b2d Move Adapter and BasicAdapter classes to internal
23724b97 Merge pull request microsoft#159 from jackorobot/fix_poco_get_integer
72afeb1f Fixed PocoJsonValue::getInteger being limited to 32-bit integers
4d603df4 Update Authors file
0e3f48c8 Remove vendored copy of urdl
9e7dbd84 Remove outdated Xcode project files
2f6760f6 Merge pull request microsoft#154 from psigen/yaml-cpp-support
f4bbf4e0 Remove non-critical yaml-cpp files from PR.
b685584e Add optimization for find implementation.
c688aa3b Add a unit test for object member access.
76c9f40c Added simple loading utility.
66424a11 Added a column limit to the file.
f03461bb Fixed issue with YAML::Node reference usage.
7f23f369 Fix unit tests to match property tree.
698936ae Added missing dep for YAML-cpp.
328db2f6 Initial pass at yaml-cpp support.
34f75118 Add note about GCC versions to readme
5ca87a61 Remove very obsolete valgrind suppressions file
27d30658 Update vendored jsoncpp to version 1.9.5
c2822576 Update CMakeLists to use add_compile_definitions
f9701392 Remove unnecessary indentation from code snippets in readme
7d4ea908 Add boost::json example and delete problematic constructors
d34f78b4 Improve error messaging when parsing schemas and documents
dd32f66d Build tests for fuzzing
8b5f253c Tweak readme formatting
a2e39586 Remove Travis CI config
3940b361 Mention web-based demo in readme
f5f979b0 Mention boost compiler warnings in README
80afdef5 Merge pull request microsoft#150 from jonpetri/jonpetri/cmake-improvements
4622b958 Set valijson_BUILD_TESTS  OFF by default in cmake
50010fd9 Make VALIJSON_USE_EXCEPTIONS interface definition
c5dac2bc Install cmake export file
c7d5f2cb Remove valijson_INSTALL_HEADERS from cmake build
bfb5860c Fix fuzzer build
7b865438 Merge pull request microsoft#147 from keith-bennett-airmap/keith/shellcheck
1f25558c make shellcheck clean
3c185cb8 Merge pull request microsoft#145 from mporsch/smart-pointer-memory-management
828fc876 use implicit conversion of unique_ptr<T, DeleterA> to unique_ptr<const T, DeleterB>
cf841e10 use unique_ptr for memory management in constraints and subschema
4a99dd79 Add missing include
75ada05c Use strong types in external_schema example, and update README
26f3a847 Less const-ness
3eaf1bb9 Add note about VALIJSON_USE_EXCEPTIONS to the README
4990e352 Update inspector to enable and handle exceptions
af071f01 Update inspector build to work with Qt6
7b6d22f1 Update CMakeLists.txt to check for boost/json.hpp before building tests
5da89730 Merge pull request microsoft#139 from YangJiao1996/master
0f0cc2bc Always apply callback function when validating schema
9a2ebbde Merge pull request microsoft#137 from veselypeta/readme-cmake
e5530feb update README add with cmake

git-subtree-dir: src/Valijson/valijson
git-subtree-split: 94d3bfd39ad4dca1be0f700b5eea8e4234d0e7e8
yao-msft added a commit to yao-msft/winget-cli that referenced this issue Jun 27, 2024
0b4771e2 Merge branch 'domire8-fix/yaml-cpp-adapter'
afc92d54 Change isString to IsString
5d7a6c5c Fix isString() method in yaml_cpp_adapter
9de00d75 Bump minimum cmake version to 3.5.1
d52d2dd0 Use string instead string_view
373576a3 Process each invalid example separately in picojson_format_test
0b7efb37 Make subschema constraint validation clearer
0530af07 Improve PicoJSON format test example
cd9258c2 Add picojson example
138c3785 Tweak behaviour of format constraint validation
92b9514b Revert "fail with the first unmet constraint to avoid running into type mismatches"
aee67d58 fail with the first unmet constraint to avoid running into type mismatches
f716227d check the type constraint first because others might rely on it
f1902801 Merge pull request microsoft#179 from DavidKorczynski/cifuzz-int
3c63c49d Add CIFuzz Github Action
4d857316 Revert "Bump nlohmann-json submodule"
8065a5ac Bump nlohmann-json submodule
5dcec3ef Merge pull request microsoft#177 from taichi-dev/master
94ca772c [Build] Make it work on Linux (#1)
780bf067 Rework adapter to build on VS 2022 with latest JSON for modern C++
f7399c1a Merge pull request microsoft#175 from cbrumgard/master
9e5b479b Fixed validation_visitor to work with adaptors that only support the forward_iterator_tag for array value iterators.
2acde8ec Merge pull request microsoft#172 from silvergasp/ci
e339c2c2 Adds Github Actions configuration for CI
65ba76e4 Merge pull request microsoft#169 from AustinHaigh-Hach/fix-typos
f1ff3518 fix typos in preprocessor macros
78ac8a73 Correct token replacement issue
c4355eaa Simplify implementation of YamlCppObject::find()
375eaae0 Tidy up doc-comments
db8daacc Add std::nothrow when using operator new
e895d035 Attempt to fix oss-fuzz build
d9c9d2eb Revert nlohmann-json module to 3.1.2
8d04b757 Fix whitespace in .gitmodules
2642dd4e Bump rapidjson submodule to 06d58b9
74bd2a99 Switch to using submodule for JSON-Schema-Test-Suite
2fe3c829 Switch to using submodule for googletest
b63a08f3 Switch to using submodule for json11
444bc02d Switch to using submodule for jsoncpp
ac122d9e Switch to using submodule for yaml-cpp
fb995ceb Switch to using submodule for nlohmann-json
582fd0fc Switch to using submodule for rapidjson
008c7ca4 Update readme
2cef1a65 Switch to submodule for picojson
c0ce4cde Correct typo in license
d397ac60 Include <limits> header in custom_allocator.hpp
94d3bfd3 Fix format regex escape sequences
25dcdb1c Merge pull request microsoft#160 from jrave/time-format-fields
dee2fa64 Support for time related format fields
5f49d77b Basic structure for format constraint
a6a4fbb5 Remove redundant call to baseline
0de61e0c Tidy up readme
1ff36254 Add script to bundle library into a single header
21322b2d Move Adapter and BasicAdapter classes to internal
23724b97 Merge pull request microsoft#159 from jackorobot/fix_poco_get_integer
72afeb1f Fixed PocoJsonValue::getInteger being limited to 32-bit integers
4d603df4 Update Authors file
0e3f48c8 Remove vendored copy of urdl
9e7dbd84 Remove outdated Xcode project files
2f6760f6 Merge pull request microsoft#154 from psigen/yaml-cpp-support
f4bbf4e0 Remove non-critical yaml-cpp files from PR.
b685584e Add optimization for find implementation.
c688aa3b Add a unit test for object member access.
76c9f40c Added simple loading utility.
66424a11 Added a column limit to the file.
f03461bb Fixed issue with YAML::Node reference usage.
7f23f369 Fix unit tests to match property tree.
698936ae Added missing dep for YAML-cpp.
328db2f6 Initial pass at yaml-cpp support.
34f75118 Add note about GCC versions to readme
5ca87a61 Remove very obsolete valgrind suppressions file
27d30658 Update vendored jsoncpp to version 1.9.5
c2822576 Update CMakeLists to use add_compile_definitions
f9701392 Remove unnecessary indentation from code snippets in readme
7d4ea908 Add boost::json example and delete problematic constructors
d34f78b4 Improve error messaging when parsing schemas and documents
dd32f66d Build tests for fuzzing
8b5f253c Tweak readme formatting
a2e39586 Remove Travis CI config
3940b361 Mention web-based demo in readme
f5f979b0 Mention boost compiler warnings in README
80afdef5 Merge pull request microsoft#150 from jonpetri/jonpetri/cmake-improvements
4622b958 Set valijson_BUILD_TESTS  OFF by default in cmake
50010fd9 Make VALIJSON_USE_EXCEPTIONS interface definition
c5dac2bc Install cmake export file
c7d5f2cb Remove valijson_INSTALL_HEADERS from cmake build
bfb5860c Fix fuzzer build
7b865438 Merge pull request microsoft#147 from keith-bennett-airmap/keith/shellcheck
1f25558c make shellcheck clean
3c185cb8 Merge pull request microsoft#145 from mporsch/smart-pointer-memory-management
828fc876 use implicit conversion of unique_ptr<T, DeleterA> to unique_ptr<const T, DeleterB>
cf841e10 use unique_ptr for memory management in constraints and subschema
4a99dd79 Add missing include
75ada05c Use strong types in external_schema example, and update README
26f3a847 Less const-ness
3eaf1bb9 Add note about VALIJSON_USE_EXCEPTIONS to the README
4990e352 Update inspector to enable and handle exceptions
af071f01 Update inspector build to work with Qt6
7b6d22f1 Update CMakeLists.txt to check for boost/json.hpp before building tests
5da89730 Merge pull request microsoft#139 from YangJiao1996/master
0f0cc2bc Always apply callback function when validating schema
9a2ebbde Merge pull request microsoft#137 from veselypeta/readme-cmake
e5530feb update README add with cmake

git-subtree-dir: src/Valijson/valijson
git-subtree-split: 0b4771e273a065d437814baf426bcfcafec0f434
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Issue-Feature This is a feature request for the Windows Package Manager client.
Projects
None yet
Development

No branches or pull requests

4 participants